Description
A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function.
Recommendation
Update the devcert package to the latest compatible version. Followings are version details:
- Affected version(s): <= 1.1.1
- Patched version(s): 1.1.2
References
Related Issues
- systeminformation command injection vulnerability - CVE-2020-7752
- Command Injection in systeminformation - CVE-2020-26300
- chrome-launcher subject to OS Command Injection - CVE-2020-7645
- Command Injection in hot-formula-parser - CVE-2020-6836
You might also like:
- Tags:
- npm
- devcert
Anything's wrong? Let us know Last updated on February 01, 2023


